Now, hackers sneak into govt websites

NEW DELHI: Remote injection, authorisation bypass and Cult of the Dead Cow are terms that one would imagine keeps the ministry of health awake. But these are elements that make up a wider nightmare, which government departments ��� from Railways to Trai to Customs ��� suffer now-a-days.

Website hacking, especially of government sites, has attained critical mass in India and the Centre is donning the riot gear. The last few months have seen hackers attack the website of the Telecom Regulatory Authority of India, Indian Railways, Department of Telecom, Air Cargo Customs, National Institute of Social Defence, Forward Markets Commission, National Institute of Health & Family Welfare and BSNL, among others.

Ironically, the hackers even disfigured the website of the Department of Information Technology, the nodal agency that is supposed to fight the menace. Hackers have also crashed into the website of the wireless planning and co-ordination wing of DoT, the body which handles spectrum allocation.

In a bid to stem the tide, the IT department says it is in the process of hosting all servers of the key ministries in the country itself.

���We have entrusted the National Informatics Centre (NIC) with this task and the servers of most ministries have been moved to the government body,��� a DIT official told ET.

The Indian Computer Emergency Response Team (CERT-IN), a DIT body, is in the process of implementing a high-end attack detection solution to make the systems, especially government-owned ones safer. CERT-IN is also installing a network flow-based threat assessment solution to check the vulnerability of a particular website.

These moves are expected to bring down the number ���defacements��� and also improve security on these sites, substantially in future.

Yet stats show that despite all the efforts, the number of security-related incidents of hackers crashing Indian websites has been growing continuously. In January, 87 security incidents were reported compared with 45 in December 2007. Out of all the incidents, 47% were related to phishing, 21% unauthorised scanning, 25% incidents related to virus/worm under the malicious code category and 7% were related to technical help under other categories, reveal a government data.

In terms of overall defacement of websites, however, the numbers show a fluctuating trend. In January, only 30 incidents of defacement were reported compared with 509 in December and 305 in November. According to industry source, the government sector now accounted for 30% of all defaced Indian websites in 2007, when compared to around 27% in 2006. Quite startlingly, 16 out of the 30 defacements in January were in ���.in��� (government) sites compared with 14 out of 509 in December. When confronted with these numbers, DIT officials had a ready explanation: ���The difference in number may be because of underreporting by private agencies.���

Alarmed by the growing number of hacking incidences of government websites, the home ministry, in an earlier communication to all government departments, has said they should host their sites only on the central- and state government-owned servers, although it did not specify a timeframe for adherence to the missive.

The reason: The MHA pointed out that in the recent past, a number of government sites hosted in the servers of private companies, or those hosted in servers located outside India, were targets of different hacker groups. The home ministry and DIT want all ministries and departments to host their sites on National Informatics Centre (NIC) or ERNET (Education and Research Network) as a possible solution.